Sophos Enterprise Console is a single, automated console that manages and updates Sophos security software on computers running Windows, Mac OS X, Linux and UNIX operating systems.
Does this information look incorrect or out-of-date? Please contact us at support@socos.io.
Integration with Sophos Enterprise Console requires the Sophos Reporting Interface and Sophos Reporting Log Writer modules to be installed and configured. These tools are available from the Sophos Downloads site.
A 3rd party tool will also be required to forward log file output via syslog.
Before proceeding, please make sure you have completed the prerequisites listed above.
Installation of Sophos Log Writer with default configuration (displayed during installation as SophosLogWriterConfig.XML) will output two datafeeds (DefaultCommonEvents.log, DefaultThreats.log) in the 'Log Files' folder.
To start the Log Writer service:
Data for the last 7 days will be extracted when the service is started for the first time with the default configuration.
SOC.OS requires the DefaultThreats.log output to be forwarded line by line over syslog. To monitor the file and forward each new line, a 3rd party tool or script is required. Please see the Log File Forwarding wiki entry.
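As an added example for the forwarding step above (this is not SOC.OS's or Sophos's code), the script below polls DefaultThreats.log, wraps each complete line in an RFC 5424 syslog header and sends it over UDP, and holds back a partially written trailing line until the next poll so that a half-flushed event is never forwarded as a truncated message. The log path, the collector host and port, the facility/severity values, the hostname and the sample log lines are placeholders or constructed values assumed for illustration; the real line format of DefaultThreats.log is not described on this page, so the script treats each line as an opaque string.

```python
"""Poll a Sophos Log Writer output file and forward each new complete line as syslog.

Added example; not SOC.OS or Sophos code. Assumptions (all labelled):
  - the log is plain text with one event per line, appended to by the Log Writer service;
  - the collector accepts RFC 5424 syslog over UDP (host/port below are placeholders);
  - the file is UTF-8 (decoding errors are replaced rather than dropping the event).
"""
import os
import socket
import time
from datetime import datetime, timezone

# Placeholder: replace with the DefaultThreats.log path inside the 'Log Files' folder.
LOG_PATH = r"<path-to-Log-Files>\DefaultThreats.log"
COLLECTOR_HOST = "<collector-host>"   # placeholder
COLLECTOR_PORT = 514                  # assumed UDP syslog port


def read_new_lines(path, offset):
    """Return (complete_lines, new_offset) for bytes appended since `offset`.

    A trailing line without a newline is left unread so it is forwarded intact
    on a later poll. If the file shrank (rotation/truncation) reading restarts at 0.
    """
    size = os.path.getsize(path)
    if size < offset:
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    end = chunk.rfind(b"\n")
    if end == -1:
        return [], offset                      # nothing complete yet
    complete = chunk[: end + 1]
    lines = [raw.decode("utf-8", errors="replace") for raw in complete.splitlines()]
    return [ln for ln in lines if ln.strip()], offset + end + 1


def syslog_message(line, hostname="sec-server", app_name="SophosThreats",
                   facility=16, severity=6, timestamp=None):
    """Build an RFC 5424 message: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG.

    facility 16 (local0) and severity 6 (informational) are assumed defaults;
    PRI = facility * 8 + severity, so the default header is <134>.
    """
    ts = timestamp or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    pri = facility * 8 + severity
    return f"<{pri}>1 {ts} {hostname} {app_name} - - - {line}"


def forward_once(path, offset, send, hostname="sec-server"):
    """Read new complete lines and hand each formatted message to `send`.

    Returns (number_forwarded, new_offset) so a caller can persist the offset.
    """
    lines, offset = read_new_lines(path, offset)
    for line in lines:
        send(syslog_message(line, hostname=hostname))
    return len(lines), offset


def udp_sender(host=COLLECTOR_HOST, port=COLLECTOR_PORT):
    """Return a callable that sends one syslog message per UDP datagram."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    def send(message):
        sock.sendto(message.encode("utf-8"), (host, port))
    return send


def run(path, send, poll_seconds=2.0):
    """Poll forever. Starts at the current end of file so only new events are sent;
    set offset = 0 instead to replay existing history on first start."""
    offset = os.path.getsize(path) if os.path.exists(path) else 0
    while True:
        if os.path.exists(path):
            _, offset = forward_once(path, offset, send)
        time.sleep(poll_seconds)


def demo_with_constructed_file():
    """Exercise the tailer on a constructed log. The sample lines are invented
    for illustration and do not reflect the real Log Writer column layout."""
    import tempfile
    sent = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "DefaultThreats.log")
        with open(path, "wb") as fh:
            fh.write(b"2024-01-01 10:00:00\tWS01\tTroj/Example-A\tC:\\tmp\\bad.exe\tCleaned up\r\n")
            fh.write(b"2024-01-01 10:00:05\tWS02\tMal/Example-B\tC:\\tmp\\drop.dll\tQuarant")
        first, offset = forward_once(path, 0, sent.append)      # partial line held back
        with open(path, "ab") as fh:
            fh.write(b"ined\r\n")                                # writer finishes the line
        second, offset = forward_once(path, offset, sent.append)
    return first, second, sent


if __name__ == "__main__":
    run(LOG_PATH, udp_sender())
```

Persist the returned offset (for example to a small state file) if the forwarder must survive restarts without replaying or skipping events, and prefer a TCP or TLS syslog transport where the collector supports it, since UDP datagrams can be silently lost.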
https://www.sophos.com/en-us/medialibrary/PDFs/documentation/srlw_51_ugeng.pdf
https://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_52_sriugeng.pdf